Postfix Virtual Hosting With LDAP Backend With Dovecot As IMAP/POP3 Server On Ubuntu Hardy Heron 8.04 TLS - Page 2

Step 3: let's configure Postfix

To let Postfix authenticate SMTP clients through Dovecot's SASL implementation, point it at the auth socket Dovecot exposes (the path is relative to the Postfix queue directory):

postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"

To make Dovecot's deliver LDA the default mailbox transport, add the following:

postconf -e "mailbox_transport = dovecot"
postconf -e "dovecot_destination_recipient_limit = 1"
postconf -e "mailbox_command = /usr/lib/dovecot/deliver"

Now we add the transports for Dovecot deliver and gnarwl:

vi /etc/postfix/master.cf

Insert the following (note the closing brace in ${recipient}; a stray ) there is a common copy error and stops deliver from receiving the recipient address):

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl    unix  -       n       n       -       -       pipe
  flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

To allow SASL-authenticated users to send mail through Postfix, add permit_sasl_authenticated to the smtpd_recipient_restrictions entry directly after permit_mynetworks, leaving the reject rules that follow (such as the default reject_unauth_destination) in place so that only your own networks and authenticated users may relay:

vi /etc/postfix/main.cf

Add

permit_sasl_authenticated

Next we configure the LDAP backend for Postfix.

Insert the following text at the end of /etc/postfix/main.cf and adapt the bind DN, password and search base to your own directory (see assumptions).

Note that main.cf is world-readable on a stock install, so the password in ldap_bind_pw is visible to every local user; give the bind account read access to the mail subtree only. Postfix 2.1 and later can also read each table definition from its own file (ldap:/etc/postfix/name.cf, see ldap_table(5)), which lets you protect the password with file permissions.

ldap_bind_dn = cn=admin,dc=example,dc=tld
ldap_bind_pw = secret
ldap_search_base = o=hosting,dc=example,dc=tld
ldap_domain = dc=example,dc=tld
ldap_server_host = localhost
ldap_server_port = 389
ldap_version = 3

# aliases
aliases_server_host = $ldap_server_host
aliases_search_base = $ldap_search_base
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = yes
aliases_cache = no
aliases_bind_dn = $ldap_bind_dn
aliases_bind_pw = $ldap_bind_pw
aliases_version = $ldap_version

# VirtualForward
virtualforward_server_host = $ldap_server_host
virtualforward_search_base = $ldap_search_base
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_result_attribute = maildrop
virtualforward_bind = yes
virtualforward_cache = no
virtualforward_bind_dn = $ldap_bind_dn
virtualforward_bind_pw = $ldap_bind_pw
virtualforward_version = $ldap_version

# Accounts
accounts_server_host = $ldap_server_host
accounts_search_base = $ldap_search_base
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_cache = no
accounts_bind = yes
accounts_bind_dn = $ldap_bind_dn
accounts_bind_pw = $ldap_bind_pw
accounts_version = $ldap_version
accountsmap_server_host = $ldap_server_host
accountsmap_search_base = $ldap_search_base
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_cache = no
accountsmap_bind = yes
accountsmap_bind_dn = $ldap_bind_dn
accountsmap_bind_pw = $ldap_bind_pw
accountsmap_version = $ldap_version

# virtual quota
quota_server_host = $ldap_server_host
quota_search_base = $ldap_search_base
quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE)(delete=FALSE))
quota_result_attribute = quota
quota_cache = no
quota_bind = yes
quota_bind_dn = $ldap_bind_dn
quota_bind_pw = $ldap_bind_pw
quota_version = $ldap_version

# Mail to reply for gnarwl and mail to forward during vacation
recipient_bcc_maps = ldap:vfm
vfm_server_host = $ldap_server_host
vfm_search_base = $ldap_search_base
vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
vfm_result_attribute = mailAutoreply
vfm_cache = no
vfm_bind = yes
vfm_bind_dn = $ldap_bind_dn
vfm_bind_pw = $ldap_bind_pw
vfm_version = $ldap_version

# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:transport
mydestination = $transport_maps, localhost, $myhostname, localhost.$mydomain, $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:virtualforward, ldap:aliases, ldap:accountsmap

# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, $virtual_mailbox_maps
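
The four ldap: tables above partition the same VirtualMailAccount objects by their accountActive, forwardActive, vacationActive and delete flags, so it is worth seeing which table answers for a given recipient. The following is an added example, not code from the tutorial, phamm or Postfix: it copies the query_filter strings from the fragment above, embeds a constructed four-account directory (alice, bob, carol, dave and a postmaster alias are invented sample data) and implements just enough RFC 4515 filter matching to run the lookups offline. It also shows why Postfix quotes the %s key before splicing it into the filter: with quoting disabled, a recipient of "*" turns the equality test into a presence test and the accounts table returns every mailbox.

```python
"""Offline simulation of the Postfix ldap: tables defined in the main.cf fragment.

Added example, not part of the tutorial. Directory contents are constructed.
"""
import re

# query_filter / result_attribute values copied from the main.cf fragment
FILTERS = {
    "aliases": "(&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))",
    "virtualforward": "(&(&(objectClass=VirtualMailAccount)(mail=%s))"
                      "(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))",
    "accounts": "(&(&(objectClass=VirtualMailAccount)(mail=%s))"
                "(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))",
    "vfm": "(&(&(objectClass=VirtualMailAccount)(mail=%s))"
           "(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))",
}
RESULT_ATTR = {"aliases": "maildrop", "virtualforward": "maildrop",
               "accounts": "mailbox", "vfm": "mailAutoreply"}


def account(mail, **flags):
    """Build a constructed VirtualMailAccount entry; values are lists as in LDAP."""
    local, domain = mail.split("@")
    entry = {"objectClass": ["VirtualMailAccount"], "mail": [mail],
             "mailbox": [domain + "/" + local + "/"], "accountActive": ["TRUE"],
             "forwardActive": ["FALSE"], "vacationActive": ["FALSE"], "delete": ["FALSE"]}
    for attr, value in flags.items():
        entry[attr] = [value]
    return entry


# Constructed sample directory (invented data, not from the page)
DIRECTORY = [
    account("alice@example.tld"),
    account("bob@example.tld", vacationActive="TRUE", mailAutoreply="bob@example.tld.autoreply"),
    account("carol@example.tld", forwardActive="TRUE", maildrop="carol@other.example"),
    account("dave@example.tld", delete="TRUE"),
    {"objectClass": ["VirtualMailAlias"], "mail": ["postmaster@example.tld"],
     "maildrop": ["alice@example.tld"], "accountActive": ["TRUE"]},
]


def escape(key):
    """RFC 4515 quoting of a value spliced into a filter (what Postfix does for %s)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in key)


def _parse(s, i=0):
    """Recursive-descent parser for the filter subset on this page: &, |, !, attr=value."""
    assert s[i] == "(", "filter must start with ("
    if s[i + 1] in "&|!":
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        return (op, kids), i + 1            # skip the closing )
    j = s.index(")", i)
    attr, _, value = s[i + 1:j].partition("=")
    return ("=", attr, value), j + 1


def _match(node, entry):
    op = node[0]
    if op == "&":
        return all(_match(k, entry) for k in node[1])
    if op == "|":
        return any(_match(k, entry) for k in node[1])
    if op == "!":
        return not _match(node[1][0], entry)
    _, attr, value = node
    if value == "*":                        # presence filter: reachable only if %s was not quoted
        return attr in entry
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return any(v.lower() == literal.lower() for v in entry.get(attr, []))  # caseIgnore match


def lookup(table, key, escape_key=True):
    """Values of the table's result_attribute for key; escape_key=False shows why Postfix quotes %s."""
    flt = FILTERS[table].replace("%s", escape(key) if escape_key else key)
    tree, _ = _parse(flt)
    hits = [e for e in DIRECTORY if _match(tree, e)]
    return [v for e in hits for v in e.get(RESULT_ATTR[table], [])]


def resolve(recipient):
    """Consult the tables in the order the main.cf fragment wires them up."""
    bcc = lookup("vfm", recipient)                  # recipient_bcc_maps: copy for the autoresponder
    for table in ("virtualforward", "aliases"):     # virtual_alias_maps: first match rewrites
        target = lookup(table, recipient)
        if target:
            return {"rewrite_to": target, "bcc": bcc}
    mailbox = lookup("accounts", recipient)         # virtual_mailbox_maps: final delivery
    if not mailbox:
        return {"reject": "unknown user", "bcc": bcc}
    return {"mailbox": mailbox[0], "bcc": bcc}


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave", "postmaster"):
        print(who, resolve(who + "@example.tld"))
    print("unquoted wildcard:", lookup("accounts", "*", escape_key=False))
    print("quoted wildcard:  ", lookup("accounts", "*"))
```

Running it shows alice delivered to example.tld/alice/, bob delivered with a BCC to bob@example.tld.autoreply (which the transport map hands to gnarwl), carol rewritten to her external maildrop, dave rejected because delete=TRUE excludes him from every table, and the postmaster alias rewritten to alice. The last two lines print the mailbox list for every active account when the key is not quoted and an empty result when it is.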

Next we add the transport for gnarwl:

vi /etc/postfix/transport

Add (transport(5) entries are written as a pattern followed by transport:nexthop, so the transport name goes before the colon):

.autoreply    gnarwl:

Compile the transport db:

postmap /etc/postfix/transport

This concludes the postfix configuration. We will restart the services later.
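Two mistakes are easy to make in the fragments above and both surface only at delivery time: a ${...} expansion in a pipe(8) argv that is not closed with }, and an ldap:NAME table that is referenced from a *_maps setting without a matching NAME_search_base line, which Postfix reports as "Search base '' not found" when the lookup runs. The following checker is an added example, not part of the tutorial or of Postfix. The embedded master.cf and main.cf texts are constructed copies of the page's fragments (main.cf trimmed to the lines that matter), and the master.cf copy deliberately keeps the ${recipient) typo so the checker has something to find.

```python
"""Lint Postfix master.cf / main.cf fragments for two common configuration slips.

Added example, not from the tutorial. The embedded texts are constructed copies.
"""
import re

# Constructed copy of the page's master.cf transports, typo intentionally kept
MASTER_CF = """\
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient)
gnarwl    unix  -       n       n       -       -       pipe
  flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}
"""

# Constructed, trimmed copy of the page's main.cf LDAP section
MAIN_CF = """\
ldap_search_base = o=hosting,dc=example,dc=tld
aliases_search_base = $ldap_search_base
virtualforward_search_base = $ldap_search_base
accounts_search_base = $ldap_search_base
accountsmap_search_base = $ldap_search_base
quota_search_base = $ldap_search_base
recipient_bcc_maps = ldap:vfm
vfm_search_base = $ldap_search_base
transport_maps = hash:/etc/postfix/transport, ldap:transport
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:virtualforward, ldap:aliases, ldap:accountsmap
virtual_mailbox_maps = ldap:accounts
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, $virtual_mailbox_maps
"""


def unbalanced_expansions(master_cf):
    """(line number, token) for every ${ that is not closed by } before the next space."""
    bad = []
    for n, line in enumerate(master_cf.splitlines(), 1):
        for m in re.finditer(r"\$\{[^}\s]*(\}?)", line):
            if not m.group(1):
                bad.append((n, m.group(0)))
    return bad


def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value' lines; comments and blanks skipped."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, _, value = line.partition("=")
            params[name.strip()] = value.strip()
    return params


def ldap_tables(params):
    """(referenced, defined): ldap:NAME tables named in any value vs. tables that
    have a NAME_search_base line (the in-main.cf table style this page uses)."""
    referenced = set()
    for value in params.values():
        referenced.update(re.findall(r"\bldap:(\w+)", value))
    defined = {name[:-len("_search_base")] for name in params
               if name.endswith("_search_base") and name != "ldap_search_base"}
    return referenced, defined


def undefined_tables(params):
    """Tables Postfix would query with an empty search base."""
    referenced, defined = ldap_tables(params)
    return sorted(referenced - defined)


def unused_tables(params):
    """Tables defined in main.cf that nothing references."""
    referenced, defined = ldap_tables(params)
    return sorted(defined - referenced)


if __name__ == "__main__":
    print("unbalanced ${...}:", unbalanced_expansions(MASTER_CF))
    params = parse_main_cf(MAIN_CF)
    print("referenced but undefined:", undefined_tables(params))
    print("defined but unused:", unused_tables(params))
```

On the page's own fragments the checker reports the ${recipient) token on line 2 of master.cf, reports transport as referenced from transport_maps but never given transport_search_base (or any other transport_* parameter), and lists quota as a table that is defined but never used by any map.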

Comments

From: at: 2008-09-18 18:32:04

You can add as many virtual domains as you want. The virtual users belong to the virtual domains you add in the phamm interface.

Only the admin account can add domains. Virtual users are managed either by admin, or by the account created when you add a virtual domain. 

From: at: 2008-09-02 17:34:27

This was exactly what I was looking for, until I noticed this was set up for virtual users on a single domain and not multiple virtual domains. I don't think it was stated in the article?

From: at: 2008-11-25 21:31:30

The schema files are missing; some of them are available in the openldap config, some aren't.
I've been searching for some of them on Google, some are still located in the cache. Is there someone with the full package or has the files available somewhere?

From: Anonymous at: 2008-12-03 21:02:50

In the next screen choose organization from the scroll box.

Click create.

On the next screen choose o from the RDN drop down box.

Enter hosting in the first field box, scroll down and click create.

I do this, the first field being "o" required.

I enter hosting

click create,

and it returns

Error

The Rdn attribute () does not exist.

where, oh where, have I gone amiss?


From: dali at: 2011-05-29 05:46:10

I know that you may not need this info anymore, but let me post it for newbies that search for info:

you have to initialize your slapd with an ldif that contains the initial domain, group or anything else, like:

dn: dc=esprit,dc=tn
dc: esprit
objectClass: domain

dn: ou=People,dc=esprit,dc=tn
ou: People
objectClass: organizationalUnit

dn: ou=Groups,dc=esprit,dc=tn
ou: Groups
objectClass: organizationalUnit

# Engineering Department
dn: ou=Engineering,ou=People,dc=esprit,dc=tn
ou: Engineering
objectClass: organizationalUnit

# Admin Group
dn: cn=Admin,ou=Groups,dc=esprit,dc=tn
gidNumber: 502
memberUid: admin
memberUid: admin
cn: Admin
objectClass: posixGroup

# Admin User :
dn: uid=dali,ou=Engineering,ou=People,dc=esprit,dc=tn
sn: dali difallah
userPassword: BJsRlQT3MmAYL+HluuVVwkWX4UM96yXQ
objectClass: shadowAccount
objectClass: person
uid: dali
cn: dali difallah

# Admin User : admin
dn: uid=admin,ou=Engineering,ou=People,dc=esprit,dc=tn
sn: Admin User
userPassword: BJsRlQT3MmAYL+HluuVVwkWX4UM96yXQ
objectClass: shadowAccount
objectClass: person
uid: admin
cn: Administrator


you can refer to http://blog.javachap.com/index.php/installing-openldap-on-centos

that's not the same thing but it gives you a better idea

also, a common problem when using a used domain name (.com .net .fr .de ...): remember to disable name resolution to avoid:

SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)

(comment out your /etc/resolv.conf entries)

From: claytondus at: 2008-12-02 21:04:44

Until this guide is updated for Ibex, users need to know that the slapd.conf file has been supplanted by the cn=config database in Ibex.  This guide from the Ubuntu Server Guide should help you get the schemata imported.

OpenLDAP Server for Ubuntu 8.10 (Intrepid Ibex)

The schemata must be converted to LDIF and then imported into the cn=config database before proceeding.

From: Julio del Aguila at: 2008-12-29 19:13:18

Take care with the symbol ); replace it with } on the line:

flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient)

replace to

flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

You can save hours with this replace.

Julio.

From: weec at: 2009-09-11 13:04:26

need transport block

 open.rhx.it/doc/mailserver-howto/mailserver-howto.pdf

From: Julio del Aguila at: 2009-01-10 14:49:33

If you have problems with not receiving the autoreply, check the transport in this tutorial and change the line

.autoreply    :gnarwl

for

.autoreply    gnarwl:


It works for me.

From: Janusz at: 2009-04-15 21:37:46

Hi, this howto includes one mistake and some inaccuracies. Please take the following issues under consideration: - it is:

 dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient)

while it should be:

dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

- it is:

# the uid of your vmail user user_global_uid = 1000

# the guid of your vmail group user_global_gid = 1000

my dovecot doesn't recognize those options, but these work:

mail_uid = 1000 mail_gid = 1000

- in /etc/dovecot/dovecot-ldap.conf it is:

dn = cn=admin,dc=example,dc=tld dnpass = secret

what is it for? It's not needed, in my opinion.

- you use Debian - once upon a time I've also used Debian. The problem with it was that postfix deb wasn't compiled with vda extension - quota need this to work. The howto is ok, but I would suggest writing also overall architecture

- there is no saslauthd and this is great as the setup is much simpler, but one doesn't have to know that postfix can use dovecot-sasl or even that dovecot provides one. The most important thing which wasn't written is that phamm.org (or better, the phamm package) includes most of the examples provided here, so they are very good for reference. Regards.

From: willi at: 2009-06-28 00:06:31

sorry i'd like to say beam me up scotty I do not see the point I think those lines are equal: Hi, this howto includes one mistake and some inaccuraties. Please take under consideration the following issues: - it is:  dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient) while it should be: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} -----------------------

From: Clayton Davis at: 2008-12-05 17:55:54

Dovecot requires you to replace "default_mail_env" with "mail_location" if you are using Dovecot > 1.0rc11.  This is applicable to the default version installed in Ibex (8.10).


From: willi at: 2009-06-28 00:22:42

Thank you for this howto. I do follow your explanations on a CentOS 5 system: with modifications I have dovecot working and accepting it. Phamm is implemented on another system and connects to the mailserver with Openldap (I do want to go further moving it to another server with Kerberos Ldap support, isolating mail.lan.dom for security reasons).

1.) I got stuck with gnarwl getting compile errors - will contact the developer for this!

BUT: I do have problems with postfix - accounts are verified against ldap - this is OK. BUT: I think postfix is not able to create the mailbox path. A postmap -q john.doe@lan.dom ldap:accounts returns lan.dom/john.doe which seems to be perfect. The maillog issues: fatal: pipe_command: execvp /usr/local/bin/maildrop: No such file or directory++

ps.: I'd built transport.db and virtual.db from empty files. tks in advance. IF I'm through with this I will write it down and send you the implementation log - if you like

From: difallah at: 2011-05-29 13:25:29

To avoid:

root@mail:/etc/ssl/certs# tailf /var/log/dovecot.log 
dovecot: May 29 15:05:15 Error: pop3-login: Can't load private key file 
/etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM 
routines:PEM_read_bio:no start line
dovecot: May 29 15:05:15 Error: child 15890 (login) returned error 89
dovecot: May 29 15:05:15 Error: child 15891 (login) returned error 89
dovecot: May 29 15:05:15 Error: child 15892 (login) returned error 89
dovecot: May 29 15:05:15 Error: child 15893 (login) returned error 89
dovecot: May 29 15:05:15 Error: pop3-login: Can't load private key file 
/etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM 
routines:PEM_read_bio:no start line
dovecot: May 29 15:05:15 Error: imap-login: Can't load private key file 
/etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM 
routines:PEM_read_bio:no start line
dovecot: May 29 15:05:15 Error: imap-login: Can't load private key file 
/etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM 
routines:PEM_read_bio:no start line 

correct it in /etc/dovecot/dovecot.conf: replace

ssl_key_file = /etc/ssl/certs/ssl-cert-snakeoil.pem

By ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

and give the dovecot user read rights on /etc/ssl/private/ssl-cert-snakeoil.key by adding it to ssl-cert as a secondary group:

usermod -a -G ssl-cert dovecot

From: Aydin KOCAK at: 2009-04-07 12:59:52

If you didn't include samba.schema in slapd.conf you get the following error:

-------------------------------Output----------------------------------------------------------

line 162 (access to dn.regex=".+,vd=([^,]+),o=hosting,dc=turkom,dc=com,dc=tr" attrs=userPassword,sambaNTPassword,sambaLMPassword        by dn="cn=admin,dc=turkom,dc=com,dc=tr" write        by self write        by anonymous auth        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=turkom,dc=com,dc=tr" write        by set="user/vd & [$1]" write)
/etc/ldap/slapd.conf: line 162: unknown attr "sambaNTPassword" in to clause

-------------------------------------------------------------------------------------------------

When you add samba.schema the problem is solved.

From: Anonymous at: 2008-11-21 01:07:50

In your PHAMM hack, you say to edit 'plugins/mail.xml'... WAY OFF... How about 'www-data/main.php'?

From: zauaus at: 2009-01-21 18:03:23

really sorry, but at the end of this guide this is my result:

postfix: 

postfix/pickup[1373]: warning: maildrop/D4E1xxxxxx: queue file write error

 postfix/trivial-rewrite[1460]: warning: dict_ldap_lookup: transport: Search base '' not found: 32: No such object

dovecot:

Error: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server

 Warning: Killed with signal 15

dovecot can't connect to the ldap server, postfix can't connect. Where is the content of the /etc/postfix/virtual file?


sorry man, really thanks for your work.

zauaus 


From: at: 2009-08-24 06:55:15

Ny.

I modified main.xml in order to use dovecot according to this line " Replace each entry with maildrop: with dovecot: ......"

but postfix continues to use maildrop instead of postfix.

Any idea please??

From: Matthew Cho at: 2008-09-29 16:58:01

I always try to read the whole tutorial before attempting to try it out on my test server.

So, I cannot confirm, but is gnarwl spelled wrong at the top of this page?

apt-get install gnawl